yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
037580b305d0b0771dbe7f5e0f40dfdceeae62ec
Umbraco-CMS/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/UmbracoPasswordHasherTests.cs
Paul Johnson 1ab0bb9254 fix additional legacy password formats (#12120) 
* Added failing test to demo issue.

* Handle old machine key default.
2022-03-10 15:00:16 +01:00

82 lines
3.6 KiB
C#
Raw Blame History

using AutoFixture.NUnit3;
using Microsoft.AspNetCore.Identity;
using Moq;
using NUnit.Framework;
using Umbraco.Cms.Core.Models.Membership;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Serialization;
using Umbraco.Cms.Tests.UnitTests.AutoFixture;
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Infrastructure.Security
{
[TestFixture]
public class UmbracoPasswordHasherTests
{
// Technically MD5, HMACSHA384 & HMACSHA512 were also possible but opt in as opposed to historic defaults.
[Test]
[InlineAutoMoqData("HMACSHA256", "Umbraco9Rocks!", "uB/pLEhhe1W7EtWMv/pSgg==1y8+aso9+h3AKRtJXlVYeg2TZKJUr64hccj82ZZ7Ksk=")] // Actually HMACSHA256
[InlineAutoMoqData("HMACSHA256", "Umbraco9Rocks!", "t0U8atXTX/efNCtTafukwZeIpr8=")] // v4 site legacy password, with incorrect algorithm specified in database actually HMACSHA1 with password used as key.
[InlineAutoMoqData("SHA1", "Umbraco9Rocks!", "6tZGfG9NTxJJYp19Fac9og==zzRggqANxhb+CbD/VabEt8cIde8=")] // When SHA1 is set on machine key.
public void VerifyHashedPassword_WithValidLegacyPasswordHash_ReturnsSuccessRehashNeeded(
string algorithm,
string providedPassword,
string hashedPassword,
[Frozen] IJsonSerializer jsonSerializer,
TestUserStub aUser,
UmbracoPasswordHasher<TestUserStub> sut)
{
Mock.Get(jsonSerializer)
.Setup(x => x.Deserialize<PersistedPasswordSettings>(It.IsAny<string>()))
.Returns(new PersistedPasswordSettings{ HashAlgorithm = algorithm });
var result = sut.VerifyHashedPassword(aUser, hashedPassword, providedPassword);
Assert.AreEqual(PasswordVerificationResult.SuccessRehashNeeded, result);
}
[Test]
[InlineAutoMoqData("PBKDF2.ASPNETCORE.V3", "Umbraco9Rocks!", "AQAAAAEAACcQAAAAEDCrYcnIhHKr38yuchsDu6AFqqmLNvRooKObV25GC1LC1tLY+gWGU4xNug0lc17PHA==")]
public void VerifyHashedPassword_WithValidModernPasswordHash_ReturnsSuccess(
string algorithm,
string providedPassword,
string hashedPassword,
[Frozen] IJsonSerializer jsonSerializer,
TestUserStub aUser,
UmbracoPasswordHasher<TestUserStub> sut)
{
Mock.Get(jsonSerializer)
.Setup(x => x.Deserialize<PersistedPasswordSettings>(It.IsAny<string>()))
.Returns(new PersistedPasswordSettings { HashAlgorithm = algorithm });
var result = sut.VerifyHashedPassword(aUser, hashedPassword, providedPassword);
Assert.AreEqual(PasswordVerificationResult.Success, result);
}
[Test]
[InlineAutoMoqData("HMACSHA256", "Umbraco9Rocks!", "aB/cDeFaBcDefAbcD/EfaB==1y8+aso9+h3AKRtJXlVYeg2TZKJUr64hccj82ZZ7Ksk=")]
public void VerifyHashedPassword_WithIncorrectPassword_ReturnsFailed(
string algorithm,
string providedPassword,
string hashedPassword,
[Frozen] IJsonSerializer jsonSerializer,
TestUserStub aUser,
UmbracoPasswordHasher<TestUserStub> sut)
{
Mock.Get(jsonSerializer)
.Setup(x => x.Deserialize<PersistedPasswordSettings>(It.IsAny<string>()))
.Returns(new PersistedPasswordSettings { HashAlgorithm = algorithm });
var result = sut.VerifyHashedPassword(aUser, hashedPassword, providedPassword);
Assert.AreEqual(PasswordVerificationResult.Failed, result);
}
public class TestUserStub : UmbracoIdentityUser
{
public TestUserStub() => PasswordConfig = "not null or empty";
}
}
}
Reference in New Issue View Git Blame Copy Permalink